Re: [tdf-discuss] security related information, CVE-2015-4551, CVE-2015-5212, CVE-2015-5213, CVE-2015-5214
Hi, Le 09/11/2015 10:09, Caolán McNamara a écrit : > On Sun, 2015-11-08 at 23:23 +0100, Rene Engelhard wrote: >> I did some research today based on the commit messages - and when I >> am not mistaken >> most of them are fixed in 5.0.0 but CVE-2015-5214 is fixed only in >> 5.0.1. >> (But still long before 5.0.3) > > Yeah, rene's right. 5.0.1 is the oldest 5.0.X version where everything > is addressed, not 5.0.0. So 4.4.6+/5.0.1+ are the "good versions". Thank you to both of you for that clarification. Best regards. JBF > > C. > -- Seuls des formats ouverts peuvent assurer la pérennité de vos documents. Disclaimer: my Internet Provider being located in France, each of our exchanges over Internet will be scanned by French spying services. -- To unsubscribe e-mail to: [email protected] Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.documentfoundation.org/www/discuss/ All messages sent to this list will be publicly archived and cannot be deleted
Re: [tdf-discuss] security related information, CVE-2015-4551, CVE-2015-5212, CVE-2015-5213, CVE-2015-5214
On Sun, 2015-11-08 at 23:23 +0100, Rene Engelhard wrote: > I did some research today based on the commit messages - and when I > am not mistaken > most of them are fixed in 5.0.0 but CVE-2015-5214 is fixed only in > 5.0.1. > (But still long before 5.0.3) Yeah, rene's right. 5.0.1 is the oldest 5.0.X version where everything is addressed, not 5.0.0. So 4.4.6+/5.0.1+ are the "good versions". C. -- To unsubscribe e-mail to: [email protected] Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.documentfoundation.org/www/discuss/ All messages sent to this list will be publicly archived and cannot be deleted
Re: [tdf-discuss] security related information, CVE-2015-4551, CVE-2015-5212, CVE-2015-5213, CVE-2015-5214
On Sun, Nov 08, 2015 at 11:01:48AM +0100, Rene Engelhard wrote: > On Sat, Nov 07, 2015 at 11:33:52PM +0100, Jean-Baptiste Faure wrote: > > Le 05/11/2015 12:19, Caolán McNamara a écrit : > > > Bottom Line: ensure you are upgraded to at least 4.4.6 or 5.0.0 > > > > > > Fixed in LibreOffice 4.4.6/5.0.0 > > > > > > CVE-2015-5214 DOC Bookmark Status Memory Corruption > > > http://www.libreoffice.org/about-us/security/advisories/cve-2015-5214/ > > > > > > Fixed in LibreOffice 4.4.5/5.0.0 > > > > Do you confirm that these security issues are fixed in 5.0._0_ (that is > > to say since 2015-08-05) and not only in 5.0._3_ that has been just > > released ? > > It was definitely fixed before 5.0.3. > My memories say from 5.0.2 rc1 onwards or somesuch but it might also be wrong > and confusing something. I did some research today based on the commit messages - and when I am not mistaken most of them are fixed in 5.0.0 but CVE-2015-5214 is fixed only in 5.0.1. (But still long before 5.0.3) Regards, Rene -- To unsubscribe e-mail to: [email protected] Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.documentfoundation.org/www/discuss/ All messages sent to this list will be publicly archived and cannot be deleted
Re: [tdf-discuss] security related information, CVE-2015-4551, CVE-2015-5212, CVE-2015-5213, CVE-2015-5214
Hi, On Sat, Nov 07, 2015 at 11:33:52PM +0100, Jean-Baptiste Faure wrote: > Le 05/11/2015 12:19, Caolán McNamara a écrit : > > Bottom Line: ensure you are upgraded to at least 4.4.6 or 5.0.0 > > > > Fixed in LibreOffice 4.4.6/5.0.0 > > > > CVE-2015-5214 DOC Bookmark Status Memory Corruption > > http://www.libreoffice.org/about-us/security/advisories/cve-2015-5214/ > > > > Fixed in LibreOffice 4.4.5/5.0.0 > > Do you confirm that these security issues are fixed in 5.0._0_ (that is > to say since 2015-08-05) and not only in 5.0._3_ that has been just > released ? It was definitely fixed before 5.0.3. My memories say from 5.0.2 rc1 onwards or somesuch but it might also be wrong and confusing something. Regards, Rene -- To unsubscribe e-mail to: [email protected] Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.documentfoundation.org/www/discuss/ All messages sent to this list will be publicly archived and cannot be deleted
Re: [tdf-discuss] security related information, CVE-2015-4551, CVE-2015-5212, CVE-2015-5213, CVE-2015-5214
Hi Caolán, Le 05/11/2015 12:19, Caolán McNamara a écrit : > Bottom Line: ensure you are upgraded to at least 4.4.6 or 5.0.0 > > Fixed in LibreOffice 4.4.6/5.0.0 > > CVE-2015-5214 DOC Bookmark Status Memory Corruption > http://www.libreoffice.org/about-us/security/advisories/cve-2015-5214/ > > Fixed in LibreOffice 4.4.5/5.0.0 Do you confirm that these security issues are fixed in 5.0._0_ (that is to say since 2015-08-05) and not only in 5.0._3_ that has been just released ? Best regards. JBF -- Seuls des formats ouverts peuvent assurer la pérennité de vos documents. Disclaimer: my Internet Provider being located in France, each of our exchanges over Internet will be scanned by French spying services. -- To unsubscribe e-mail to: [email protected] Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.documentfoundation.org/www/discuss/ All messages sent to this list will be publicly archived and cannot be deleted
